SECURE VSAN CLUSTER USING DEVICE AUTHENTICATION AND INTEGRITY MEASUREMENTS

Organization Name

dell products l.p.

Inventor(s)

Viswanath Ponnuru of Bangalore (IN)

Krishnaprasad K of Bengaluru (IN)

Chandrashekar Nelogal of Round Rock TX (US)

SECURE VSAN CLUSTER USING DEVICE AUTHENTICATION AND INTEGRITY MEASUREMENTS - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240340319 titled 'SECURE VSAN CLUSTER USING DEVICE AUTHENTICATION AND INTEGRITY MEASUREMENTS

The abstract of the patent application describes a node for a Virtual Storage Area Network (VSAN) that includes a Baseboard Management Controller (BMC), a processor, and multiple VSAN objects. The processor sets up a Cluster Membership, Monitoring, and Directory Service (CMMDS) along with a BMC Service Module (SM). The CMMDS enforces a Security Policy and Data Model (SPDM) architecture, determining an inventory list of the VSAN objects and their authentication states, which are then provided to the BMC SM. The BMC SM shares this information with the BMC, which identifies unauthenticated VSAN objects and instructs the CMMDS to stop input/output operations on those objects.

• The node for a VSAN includes a BMC, a processor, and multiple VSAN objects.
• The processor establishes a CMMDS and a BMC SM.
• The CMMDS implements a SPDM architecture for security and data modeling.
• The CMMDS determines an inventory list and authentication states of VSAN objects.
• The BMC SM shares this information with the BMC for authentication checks and control of I/O operations.

Potential Applications: - Data centers - Cloud computing environments - Storage networks

Problems Solved: - Enhanced security for VSAN objects - Efficient management of VSAN resources

Benefits: - Improved data security - Streamlined VSAN management - Enhanced control over VSAN operations

Commercial Applications: Title: Enhanced Security and Management for Virtual Storage Networks This technology can be utilized in data centers, cloud computing environments, and storage networks to enhance security and streamline management of VSAN resources. It offers improved control over VSAN operations, leading to more efficient data management and enhanced data security.

Questions about the technology: 1. How does the CMMDS determine the authentication states of VSAN objects? The CMMDS determines the authentication states of VSAN objects by implementing the SPDM architecture, which defines security policies and data models for each object.

2. What role does the BMC SM play in the authentication process? The BMC SM provides the inventory list and authentication states of VSAN objects to the BMC, which then identifies unauthenticated objects and controls I/O operations accordingly.

Original Abstract Submitted

a node for a vsan includes a bmc, a processor, and a plurality of vsan objects. the processor instantiates a cluster membership, monitoring, and directory service (cmmds) and a bmc service module (sm). the cmmds implements a security policy and data model (spdm) architecture. the cmmds determines an inventory list of the vsan objects and a spdm authentication state for each of the objects, and provides the inventory list and the spdm authentication states to the bmc sm. the bmc sm provides the inventory list and the spdm authentication state to the bmc. the bmc determines that a first vsan object is not authenticated based upon the spdm authentication state of the first vsan object, and directs the cmmds to halt input/output (i/o) operations on the vsan to the first vsan object.